接口限流&令牌桶算法&Redis分布式限流

工作中对外提供的API 接口设计很多时候要考虑限流,如果不考虑,可能会造成系统的连锁反应,轻者响应缓慢,重者系统宕机。而常用的限流算法有令牌桶算法和漏桶算法,本篇介绍令牌桶算法

令牌桶算法

image.png

原理如上图,系统以恒定速率不断产生令牌,令牌桶有最大容量,超过最大容量则丢弃,同时用户请求接口,如果此时令牌桶中有令牌则能访问获取数据,否则直接拒绝用户请求

java代码实现

/**
 * 线程池每0.5s发送随机数量的请求,每次请求计算当前的令牌数量,请求令牌数量超出当前令牌数量,则产生限流
 */
@Slf4j
public class TokensLimiter {
 
    private ScheduledExecutorService scheduledExecutorService = Executors.newScheduledThreadPool(1);
 
    // 最后一次令牌发放时间
    public long timeStamp = System.currentTimeMillis();
    // 桶的容量
    private int capacity = 7;
    // 令牌生成速度5/s
    private int rate = 5;
    // 当前令牌数量
    private int tokens;
 
    public void acquire() {
        //令牌生成速度 = 5/1s   此次时间-上次生成时间=中间耗费时间
        scheduledExecutorService.scheduleWithFixedDelay(() -> {
            long now = System.currentTimeMillis();

            long tokensCal = tokens + (now - timeStamp) * rate/1000;
            int tokenCalInt = (int)tokensCal;
            // 当前令牌数
            tokens = Math.min(capacity,tokenCalInt);
            //每隔0.5秒发送随机数量的请求
            int permits = (int) (Math.random() * 9) + 1;
            log.info("请求令牌数:" + permits + ",当前令牌数:" + tokens);
            timeStamp = now;
            if (tokens < permits) {
                // 若不到令牌,则拒绝
                log.info("限流了");
            } else {
                // 还有令牌,领取令牌
                tokens -= permits;
                log.info("剩余令牌=" + tokens);
            }
        }, 1000, 500, TimeUnit.MILLISECONDS);
        //1秒以后开始执行第一次任务,第一次执行完每隔500ms执行下次任务
    }
 
    public static void main(String[] args) {
        TokensLimiter tokensLimiter = new TokensLimiter();
        tokensLimiter.acquire();
    }
}

输出结果:


image.png

Guava rateLimiter实现

public abstract class AbstractInterceptor extends HandlerInterceptorAdapter {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        ResponseEnum result;
        try{
            result = preFilter(request);
        }catch (Exception e){
            result = ResponseEnum.SERVER_ERROR;
        }

        if(ResponseEnum.OK == result){
            return true;
        }
        //未申请到被限流
        rateLimitResponse(result,response);
        return false;
    }

    private void rateLimitResponse(ResponseEnum result, HttpServletResponse response){
        R r = R.error(500,result.getMsg());
        try {
            response.getWriter().write(JSON.toJSONString(r));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    //自己声明的抽象方法,交给子类实现
    protected abstract ResponseEnum preFilter(HttpServletRequest request);
}
@Slf4j
@Component
public class RateLimitInterceptor extends AbstractInterceptor {

    /**
     * 单机全局限流器,QPS为1
     */
    @SuppressWarnings("UnstableApiUsage")
    private static final RateLimiter RATE_LIMITER = RateLimiter.create(1);

    @Override
    protected ResponseEnum preFilter(HttpServletRequest request) {
        if(!RATE_LIMITER.tryAcquire()){
            log.info("限流了..");
            return ResponseEnum.RATE_LIMIT;
        }
        log.info("请求成功");
        return ResponseEnum.OK;
    }
}
@Getter
public enum ResponseEnum {

    OK("成功"),RATE_LIMIT("访问次数受限"),SERVER_ERROR("服务器错误"),QUERY_FAIL("查询失败");
    private String msg;

    ResponseEnum(String msg) {
        this.msg = msg;
    }
}

执行结果


image.png

Redis rateLimiter

分布式环境下解决方案
需要限流的接口使用该注解

/**
 * 1(时间)分钟(单位)允许某个ip请求的最大次数(max)
 *
 * 如每隔2分钟,单IP限定访问次数不能超过10次
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface RedisRateLimiter {

    /**
     * 默认根据IP拦截
     */
    LimitType limitType() default LimitType.IP;

    enum LimitType{
        GENERAL,IP,USERID;
    }

    /**
     * 限制时间长度
     */
    long timeLimitLength() default 1;

    /**
     * 限制时间长度的单位
     */
    TimeUnit timeLimitLengthUnit() default TimeUnit.SECONDS;

    /**
     * 允许时间内最大访问数
     */
    long max() default 1;

    /**
     * redis存储的key
     */
    String storeKey() default "";

}

redis配置文件

@Configuration
public class RedisConfig {
    @Bean
    @SuppressWarnings("unchecked")
    public RedisScript limitRedisScript() {
        DefaultRedisScript redisScript = new DefaultRedisScript<>();
        redisScript.setScriptSource(new ResourceScriptSource(new ClassPathResource("scripts/redis/limit.lua")));
        redisScript.setResultType(Long.class);
        return redisScript;
    }
}

切面

@Slf4j
@Component
@Aspect
@RequiredArgsConstructor(onConstructor_ = @Autowired)
public class RedisRateLimitAspect {

    private final static String REDIS_RATE_LIMIT_KEY_PREFIX="limit:";
    private final StringRedisTemplate stringRedisTemplate;
    private final RedisScript limitRedisScript;

    @Pointcut("@annotation(com.jerrysong.jwt.annotations.RedisRateLimiter)")
    public void rateLimit() {}

    @Before("rateLimit()")
    public void pointCut(JoinPoint joinPoint){
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        Method method = signature.getMethod();
        // 通过 AnnotationUtils.findAnnotation 获取 RateLimiter 注解
        RedisRateLimiter redisRateLimit = AnnotationUtils.findAnnotation(method, RedisRateLimiter.class);

        if(redisRateLimit!=null){

            //获取存储key名称
            String key = redisRateLimit.storeKey();
            //获取时间限制
            long timeLimitLength = redisRateLimit.timeLimitLength();
            //获取时间限制单位
            TimeUnit timeLimitLengthUnit = redisRateLimit.timeLimitLengthUnit();
            //时间单位最大访问数目
            long max = redisRateLimit.max();


            if(StringUtils.isBlank(key)){
                key = method.getDeclaringClass().getSimpleName()+"."+method.getName();
            }

            HttpServletRequest request
                    = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();

            key = key+":"+ IpUtil.getIpAddr(request);

            //追加统一限流前缀
            key =REDIS_RATE_LIMIT_KEY_PREFIX +key;

            long now = System.currentTimeMillis();
            //将2分钟转化为毫秒时间戳,以获得2分钟前时间
            long limitTimeLengthMills =timeLimitLengthUnit.toMillis(timeLimitLength);

            //应该移除的分值区间
            long removeScore = now-limitTimeLengthMills;

            Long r = stringRedisTemplate.execute(
                    limitRedisScript,
                    Lists.newArrayList(key),
                    "" + now,
                    "" + limitTimeLengthMills,   //设置key的保存时间,该key在2分钟的允许时间内做zadd操作
                    "" + removeScore,     //移除当前时间2分钟前过期的score
                    "" + max);

            if(r!=null){
                if(r==0){
                    log.error("【{}】在 "+timeLimitLength+formatTimeUnit(timeLimitLengthUnit)+" 内已达到访问上限,当前接口上限 {}", key, max);
                    throw new RuntimeException("手速太快了,慢点儿吧~");
                }else{
                    log.info("【{}】在 "+timeLimitLength+formatTimeUnit(timeLimitLengthUnit)+" 内访问 {} 次", key, r);
                }
            }

        }


    }

    private String formatTimeUnit(TimeUnit timeUnit){
        if(timeUnit==TimeUnit.MINUTES){
            return "分钟";
        }else if(timeUnit==TimeUnit.SECONDS){
            return "秒";
        }else if(timeUnit==TimeUnit.HOURS){
            return "小时";
        }
        return "illegal timeUnit args";
    }

}

LUA脚本

local key = KEYS[1]
local now = tonumber(ARGV[1])
local limitTimeLengthMills = tonumber(ARGV[2])
local removeScore = tonumber(ARGV[3])
local max = tonumber(ARGV[4])

redis.call('ZREMRANGEBYSCORE',key,0,removeScore)
local current = tonumber(redis.call('ZCARD',key))
local next = current+1

if next>max then
    return 0
else
    redis.call('ZADD',key,now,now)
    redis.call('PEXPIRE',key,limitTimeLengthMills)
    return next
end

控制层

@Slf4j
@RestController
public class RedisLimitController {

    @TokenNoCheck
    @RedisRateLimiter
    @GetMapping("/test1")
    public R test1() {
        log.info("【test1】被执行了。。。。。");
        return R.ok("成功访问到api [1]~");
    }

    @TokenNoCheck
    @RedisRateLimiter(max = 1,limitType = RedisRateLimiter.LimitType.IP,timeLimitLength = 1,timeLimitLengthUnit = TimeUnit.SECONDS)
    @GetMapping("/test2")
    public R test2() {
        log.info("【test2】被执行了。。。。。");
        return R.ok("成功访问到api [2]~");
    }

    @TokenNoCheck
    @RedisRateLimiter(max = 5,limitType = RedisRateLimiter.LimitType.IP,timeLimitLength = 1,timeLimitLengthUnit = TimeUnit.MINUTES)
    @GetMapping("/test3")
    public R test3() {
        log.info("【test3】被执行了。。。。。");
        return R.ok("成功访问到api [3]~");
    }
}
image.png

你可能感兴趣的:(接口限流&令牌桶算法&Redis分布式限流)